locked
Change AD domain of a KMS server RRS feed

  • Question

  • All of our clients and the KMS server (Win7 and Office 2013) used to be on domain A and now all clients have been moved to domain B, but KMS is still on domain A. I've been asked to plan migrating the KMS server to domain B. What are the catches and things to check and to do when unjoining KMS from A and joining to B?
    Monday, July 20, 2020 9:42 AM

Answers

  • Hi,

    KMS itself doesn't know, or care, about authentication and AD memberships. So obviously your clients are still able to find the KMS although they are on different domains now. This can be achieved by several methods:

    1. you, or someone else, already created the VLMCS service record in the new domain, and it is pointing to IP --> nothing to do, just unjoin and rejoin
    2. you, or someone else, already created the VLMCS service record in the new domain, and it is pointing to FQDN --> you will need to adjust the service record to the new FQDN or republish it
    3. your deployment process sets the KMS for your clients, and IP address is used --> nothing to do or fear
    4. your deployment process sets the KMS for your clients, and FQDN is used --> you will need to create a DNS record or alias making the old FQDN point to the IP or the new FQDN while you are amending the deployment process and maybe roll out a task to the client that changes the KMS server that is set there.

    Evgenij Smirnov

    http://evgenij.smirnov.de


    Monday, July 20, 2020 6:43 PM

All replies

  • Hi,

    KMS itself doesn't know, or care, about authentication and AD memberships. So obviously your clients are still able to find the KMS although they are on different domains now. This can be achieved by several methods:

    1. you, or someone else, already created the VLMCS service record in the new domain, and it is pointing to IP --> nothing to do, just unjoin and rejoin
    2. you, or someone else, already created the VLMCS service record in the new domain, and it is pointing to FQDN --> you will need to adjust the service record to the new FQDN or republish it
    3. your deployment process sets the KMS for your clients, and IP address is used --> nothing to do or fear
    4. your deployment process sets the KMS for your clients, and FQDN is used --> you will need to create a DNS record or alias making the old FQDN point to the IP or the new FQDN while you are amending the deployment process and maybe roll out a task to the client that changes the KMS server that is set there.

    Evgenij Smirnov

    http://evgenij.smirnov.de


    Monday, July 20, 2020 6:43 PM
  • I'm not sure if I understand "your deployment process" on item 3 and 4?
    • Edited by Ray Darv1 Monday, July 20, 2020 8:21 PM
    Monday, July 20, 2020 8:19 PM
  • I'm not sure if I understand "your deployment process" on item 3 and 4?
    Some organisations do not rely on DNS but set the address and port of the KMS server on each client directly, usually at deployment time.

    Evgenij Smirnov

    http://evgenij.smirnov.de

    Monday, July 20, 2020 8:42 PM
  • Got it. Thanks. I'm checking the KMS server and don't see any key on it. The only "Not Licensed" is the KMS server itself. Am I supposed to see the licenses and the statuses here or not? 

    Also, from an online post, I did nslookup -type=srv _vlmcs._tcp and got so many KMS servers on Domain B that none are from my department. I think we've been tapping into other departments' licenses on Domain B.

    How can I check if my KMS on local domain A is still being used by my physically local computers on domain B, and is there a way to see which KMS server is being used by the clients?

    Monday, July 20, 2020 10:28 PM
  • How can I check if my KMS on local domain A is still being used by my physically local computers on domain B, and is there a way to see which KMS server is being used by the clients?

    The output of

    slmgr.vbs -dlv 

    on the client contains that information.


    Evgenij Smirnov

    http://evgenij.smirnov.de

    Monday, July 20, 2020 10:34 PM